Adding additional Active Directory Groups for Splunk Authentication


Jonathan Frappier Virtxpert

Here is a quick guide to adding additional Windows Active Directory groups for Splunk authentication to allow users to log in.  You can see how to configure Splunk for Active Directory here.  If you have not already done so, create the Active Directory group that you want to grant access to and add the users you want to to access Splunk into the group.

  • Log into Splunk as an administrative user
  • Click on Settings >> Access controls
  • Click on Authentication Method, then Configure Splunk to use LDAP and map groups
  • Click on the Map groups links for your AD
  • Click on the group you want to provide access to
  • Select the roles you want to provide to the group and click Save.
  • Log out of Splunk and log back in as a user who is part of the AD group you added.

If you are not able to log into Splunk, do the following:

  • Verify the user account object you are trying to log in as is within your user base DN setting for AD
  • Click on Settings >> Access controls >> Authentication method and click Reload authentication configuration
  • Click on Settings >> Server Controls >> Restart Splunk

Adding additional Active Directory Groups for Splunk Authentication